What about the likes of Nxt or the soon-to-be NEM? They are far superior platforms, NEM being more so. What makes them "unviable" in your opinion?

There is no known solution to the "nothing-at-stake" problem (also known as the "history-rewrite" problem) that all proof-of-stake (PoS) distributed consensus mechanisms suffer from. This has been debated ad nauseam since the original thread on July 11, 2011: https://bitcointalk.org/index.php?topic=27787.0. Current PoS coins get around this problem, for example, by having the developers sign blocks as valid (Peercoin) or by introducing regular blockchain checkpoints into the code (Nxt). In other words, these PoS coins are not decentralized.

Even ignoring the nothing-at-stake problem, "dubious" is probably a better adjective than "superior" to describe these platforms.

There's a bounty equal to the market cap of Nxt. If it was doable, do you not think it would have been done?

NEM has 3000 original stakeholders and a new proof-of-importance algo, which means that the nodes that are more important to the network "mine/forge" more than those with simply more coins, which fixes the hoarding issues inherent in Nxt. 3000 stakeholders will get equal amounts; there was not an IPO, it was a "pay a fee, join the movement" sort of thing. So even the IPO does not favor those with better finances. Also, the stakeholder list went through weeks of taint analysis and auditing to remove sock puppets.

All of this you could have avoided by just using a mechanism that requires you to pay the market value for any stake, such as a PoW.

The way the percentage is measured is, more or less, after the fact. It's done by looking at who solved the blocks. You are proposing a way of measuring the hash power that went into that solve other than just estimating based on time and averages, numbers of hashes submitted, etc.

I thought it was measured by who relayed the block?

Yes, precisely right. Point being, it doesn't account for hash power that went into the solving (and ultimately the relay) or the amount of hashing in the pool, or any of that. It is measured after the fact. Thus preventing pools with "too high hash rate" is not even easily determinable.

Also there is what I think of as the "Tusken Raider" attack that GHash.io/CEX/Bitfury is currently doing to hide the amount of hash power in different pools.
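To put numbers on "measured after the fact", here is an added example (not code from any poster in this thread) that estimates a pool's share of hash power from block attributions alone and attaches a Wilson score interval to it. The pool labels and block counts are constructed, and the interval assumes each block is an independent draw with a constant share over the window.

```python
import math
from collections import Counter


def wilson_interval(k, n, z=1.96):
    """Wilson score interval for a binomial proportion k/n (z=1.96 ~ 95%)."""
    if n <= 0:
        raise ValueError("need at least one observed block")
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def operator_share(labels, operator_labels, z=1.96):
    """Return (point estimate, low, high) for the share of blocks carrying
    any label in operator_labels. Passing several labels treats them as one
    operator, e.g. to bound the case where hash power is split across pools
    or left unattributed."""
    counts = Counter(labels)
    k = sum(counts[label] for label in set(operator_labels))
    low, high = wilson_interval(k, len(labels), z)
    return k / len(labels), low, high


def can_rule_out(labels, operator_labels, threshold=0.5, z=1.96):
    """True only if the upper bound of the interval is below the threshold,
    i.e. the observations are inconsistent with the operator holding it."""
    _, _, high = operator_share(labels, operator_labels, z)
    return high < threshold


# Constructed sample: one day of blocks (144) and the same mix over a week.
DAY = ["pool_a"] * 62 + ["pool_b"] * 40 + ["unknown"] * 42
WEEK = DAY * 7

if __name__ == "__main__":
    for name, window in (("1 day", DAY), ("1 week", WEEK)):
        est, low, high = operator_share(window, {"pool_a"})
        print(f"{name}: pool_a {est:.1%} (95% interval {low:.1%}..{high:.1%}), "
              f"majority ruled out: {can_rule_out(window, {'pool_a'})}")
    # Conservative bound: assume every unattributed block is pool_a's.
    est, low, high = operator_share(WEEK, {"pool_a", "unknown"})
    print(f"1 week, pool_a + unknown: {est:.1%} ({low:.1%}..{high:.1%})")
```

With the same 43% observed share, one day of blocks cannot exclude a majority while a week can, and the conclusion flips again once unattributed blocks are counted against the pool.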

But then it's also possible that the threat is overestimated by that same logic.

Also, I've followed the story behind Bitfury because of his phenomenal success and rise to fame from his garage in Russia. Also because I hash with his units. If there was one rags-to-riches bitcoin success that wouldn't jeopardize his multi-million-dollar success story for a cup-of-coffee double-spend attack, it would be him. Also, it looks like he will be selling shares on Wall Street soon.

I found it interesting to read the comments of the ghash owner who said that pulling a double spend is actually quite difficult from an internal technical standpoint.

I wonder what he was talking about?

He means that he almost didn't get away with it the last few times.

Seriously though, can you explain to me the mechanics of an attack scenario that is technically and economically viable, repeatable, undetectable and puts cash into his bank account as a result?

There are many. Here is a simple one: Let's pretend that there exist some bitcoin gambling sites where you send bitcoin as the mechanism of betting with immediate results knowable. If a losing bet somehow never made it into the block chain, but the winning ones did, might that be profitable? If these are hidden within a large amount of betting, but just often enough to skew the odds in your favor so you have both house edge and betting control, all of the assets of such a gambling site could be siphoned out over time repeatedly. Since the transaction record is the block chain itself for this site, and the individual bets are not preserved for some privacy-sensitive reason, you get a scenario such as the one you requested.

More complex scenarios would also include being discovered (rogue employee found a way around internal safeguards?), which then creates a confidence attack on the price. But you knew ahead of time, so you have a short position in place. As well as buying lots of cheap LTC ahead of this and holding it as the backup currency with better mining diversity, so as folks shift to that for security, you get to sell into the demand. Managing the news cycle so as to create the right panic responses is also a piece of the game.

It is a small advantage in the security field to be blessed with an evil mind, and cursed with deep ethics. The world appears broken to us, everywhere we look, but we don't step through the cracks, as they all lead to condemnation of ourselves, and one can never escape one's self.

Even if 100% righteous, one may still fall to coercion.

Or if it is merely money that motivates. There are larger sums available, and at stake, than the market cap of bitcoin. The centralization itself is the problem... Doesn't even matter if rags-to-riches guys are perfectly honest. They are vulnerable if they love their kids, or parents, or anyone, even themselves, more than Bitcoin's integrity.

Installing centralized banking control over a population has been done with wars and assassinations and all manner of wickedness. A double-spending attack is comparatively benign.

I'm not saying that any of this is going to happen, or not even that there are folks that think bitcoin isn't good for them and might want to see it fail, or that if there were such folks, that they might have vast resources and the capability to execute complicated plans. But since you asked... yes, it exists as an existential risk to bitcoin. Maybe you give it a pValue of .01 or less. Even so, if it were in play... all the pieces are in the right places for it.

Ghash already did that one. The amount was small, the double spend was detected by the community, the rogue employee was caught, and they've never done it again. Remember 51% means they lose blocks 49% of the time. How do they repeatably build a 2-3 block lead, orphan off the double spend block, withdraw the stolen bitcoin from the exchange, without being detected?

That mechanism is far less than optimal for many reasons and excludes those who don't have mining gear and favours those with higher-powered mining gear. It's no different to "rich getting richer" in Nxt. In that respect, PoW is elitist.

This is the problem with proof of stake: it was invented by people who have no idea what problem mining is supposed to solve and have some agenda other than solving that problem.

Mining is not about allocating the issuance of new coins. The fact that they are tied together in Bitcoin is a temporary coincidence. Mining is about solving the problem of distributed consensus - how do a bunch of independent nodes spread all over the planet agree on a precise ordering of transactions when every node must operate with an incomplete view of the network and anybody might be trying to cheat?

This problem has nothing to do with elitism or notions of fairness or populism. Overlaying those agendas into the solution is a great way to not solve the problem.

As nodes on the network continually work to establish a consistent narrative of what has happened in the network based on their own incomplete knowledge, there will be times where two nodes disagree. Mining is nothing more than a signalling mechanism which provides an objective basis for choosing which version of history to treat as correct, whenever a conflict occurs such that more than one alternative version exists.

The design criteria for what makes a good mining algorithm comes from signalling theory:

Quote

Quote

Two individuals have access to different information.

They could both gain if they could honestly share this information.

However, their interests do not coincide entirely, and so each has an incentive to deceive the other.

How can honest communication be ensured?

How can honest communication be ensured despite conflicting interests between a signaller and a signal receiver?

Economists and biologists independently proposed that the costs associated with producing signals can provide a solution to this problem. Loosely paraphrased, the solution typically takes the following form.

Quote

Suppose that signals are costly, and that for one reason or another, lies cost more than honest signals.

If telling the truth is cheap enough and telling a lie is costly enough, it may be worthwhile to communicate honestly but not to lie.

There's a reason that when Wei Dai proposed b-money in 1998, he didn't even bother to explain why calculations in a proof of work system, "must be easy to determine how much computing effort it took to solve the problem and the solution must otherwise have no value, either practical or intellectual." He assumed this statement would be so obviously true that no explanation was needed. Apparently this is no longer the case.

The signal sent by proof of work is the amount of opportunity cost the miner has paid in order to produce the block. The fact that mining calculations are completely useless outside the signalling system itself is what makes lies more expensive than telling the truth, thus satisfying the conditions for honest signalling. The opportunity cost the miner pays to produce a block only represents a profitable trade for the miner if the network accepts their block. So when it comes to a node in the network choosing between two valid blocks, choosing to accept the block with the higher PoW means choosing the block which was produced by the miner who has the most at stake in terms of opportunity cost paid.

Note that if the miner has to use specialized hardware for which there is no possible use other than mining, the signal is even better than performing otherwise-useless calculations on general purpose hardware. Higher opportunity costs = more reliable signal.

Proof of work is a proof of stake system, the only one that actually works.

PoS coins use the number of coins held as the basis for their signalling system. Since coins have an exchange rate, they obviously do not fulfill the criteria of having no value, either practical or intellectual. Thus PoS is not a viable mechanism for honest signalling.
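The rule of preferring the history with more proof of work, as an added example that is not part of the post above: it decodes Bitcoin's compact difficulty field ("bits") into a target, converts each target into expected work, and picks the candidate chain with the most cumulative work. The two candidate chains are constructed, and every header is assumed to have already passed validation (hash at or below its target).

```python
def bits_to_target(bits):
    """Decode the 32-bit compact 'bits' field of a block header into the
    256-bit target that the block hash must not exceed."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if bits & 0x00800000:
        raise ValueError("sign bit set: negative targets are invalid")
    if exponent <= 3:
        target = mantissa >> (8 * (3 - exponent))
    else:
        target = mantissa << (8 * (exponent - 3))
    if target == 0 or target >= 1 << 256:
        raise ValueError("target out of range")
    return target


def block_work(bits):
    """Expected number of hash attempts needed to meet the target.
    A lower target means more work signalled by the block."""
    return (1 << 256) // (bits_to_target(bits) + 1)


def chain_work(chain_bits):
    """Cumulative work of a chain given the 'bits' of each of its blocks."""
    return sum(block_work(bits) for bits in chain_bits)


def best_chain(candidates):
    """Pick the candidate with the most cumulative work, not the most blocks.
    On an exact tie the first candidate listed wins, mirroring a node that
    keeps the version of history it saw first."""
    return max(candidates, key=lambda name: chain_work(candidates[name]))


# Constructed fork: three blocks at minimum difficulty versus two blocks
# whose target is 256 times lower (each is about 256 times more work).
CANDIDATES = {
    "long_easy": [0x1D00FFFF] * 3,
    "short_hard": [0x1C00FFFF] * 2,
}

if __name__ == "__main__":
    for name, chain in CANDIDATES.items():
        print(f"{name}: {len(chain)} blocks, work {chain_work(chain)}")
    print("selected:", best_chain(CANDIDATES))
```

The shorter chain is selected because the cost paid to produce it is larger, which is the signal the post describes; block count alone carries no cost information.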

Thank you for answering that roll your eyes assertion. I clearly did not have the energy to do so. You did.

Great explanation.

The reason I had the energy is that I was already working on that explanation because it's part of an article I want to write in the near future. It just so happened that kodtycoon's post was a great opportunity to create a preview/summary.

So if Wei Dai conceptualized that, what was Adam Back's contribution to POW?
